Why the Freedom Box Won’t Save You

The temporary shutdown in Egypt of Internet and other telecommunication services, as well as similar interruptions in other Middle East countries experiencing large-scale protests and rebellions, has galvanized hackers and human rights activists as well as U.S. foreign policy makers. The consequences may not be what anyone expected.

The technologies for secure, private, fault-tolerant communication via the Internet exist but have not yet been widely implemented or bundled together in a single, user-friendly system.

Internet pioneer Vint Cerf was asked in a recent interview whether there was a technical solution to a government shutdown of the Net. The Internet “is controllable by the government, [so] it’s possible to turn off the Internet,” he said. The solution, mesh networking, “can be done without benefit of things like routers provided by Internet Service providers.”

Mesh networking makes each device on a network capable of routing data to any other device, with the ability to rapidly change paths in the event of an interruption or blockage.

A current project of Cerf’s, the Interplanetary Internet, designed to overcome the delays and interruptions to communications during space exploration, could also be adapted to handle a partial shutdown of Net communications by an authoritarian government during a political crisis.

Eben Moglen, a Columbia law professor and software freedom advocate, first proposed the Freedom Box (a tiny device that could provide private, secure, fault-tolerant Internet access using mesh networking) at an Internet Society of New York event in February 2010. He has since founded the Freedom Box Foundation, has some early prototype software and expects to have a fully working device available for under $100 in twelve months. Another project, diaspora, was inspired by Moglen’s proposal and is developing a more privacy-friendly alternative to Facebook. The Freedom Box and diaspora both use a decentralized, peer-to-peer model for improved security and to give the user more control.

On February 15, Hillary Clinton gave her second annual Net Freedom Speech, which denounced the Egyptian government for its Net shutdown. The State Department now has a number of initiatives and grants for the development of Internet censorship circumvention technologies.

But governments often have different agendas and policies for different situations. Egyptian strongman Hosni Mubarak was viewed as a “force of moderation” before he became a “dictator” when the geopolitical winds shifted. As Clinton was making her speech, Wired reported that the “FBI Pushes for Surveillance Backdoors in Web 2.0 Tools,” and an antiwar protestor in Clinton’s audience was roughed up when he turned his back to her. Would he have been unscathed if he had tweeted his protest?

Even with the best intentions, high-profile Internet freedom initiatives by nation-states can have unexpected consequences. Evgeny Morozov says of Clinton’s speeches:

Clinton went wrong from the outset by violating the first rule of promoting Internet freedom: Don’t talk about promoting Internet freedom.

The state of web freedom in countries like China, Iran, and Russia was far from perfect before Clinton’s initiative, but at least it was an issue independent of those countries’ fraught relations with the United States.

Today, foreign governments … are now seeking “information sovereignty” from American companies … Internet search, social networking, and even email are increasingly seen as strategic industries that need to be protected from foreign control.

The U.S. military has developed open source software for secure, private communication on the Internet, however. Tor, a tool for private, encrypted communication on the Internet developed by the Tor project, is used by many dissidents in authoritarian countries, as well as by Wikileaks, and was originally sponsored by the U.S. Naval Research Laboratory.

But not every such project has been as successful. The Haystack program, designed to help Iranian dissidents, actually endangered them because it was easily intercepted by the Iranian authorities due to flaws in its design. It received a huge amount of hype but the developer, Austin Heap, refused to allow security experts to examine it. Nonetheless, the U.S. Treasury Department granted Heap an Office of Foreign Assets Control license to export the software to Iran, in effect endorsing it. By the time the software bugs became publicly known, the damage had been done.

Open source software advocate and cyberliberties activist Eric Raymond was also helping Iranian dissidents connect to the outside world at that time. He reflects:

… to protect your network, and yourself, you have to accept that you are going to have relatively little information about what your network partners are doing and what their capabilities are … my rationally-chosen ignorance left me unable to form judgments about whether people in my network were lying to me. More subtly — it left me unable to form judgments about whether they were lying to themselves.

I don’t mean to excuse whatever lies Austin Heap may have told, but I do mean to suggest he may well have been his own first victim.

Open source software, where the inner workings of a program are available for public scrutiny, is essential when developing tools for secure communication in a highly insecure environment.

But open source is not a panacea. Take the case of OpenBSD, an open source operating system bundled with thousands of applications, which has been optimized for security by a team of the world’s best security experts. OpenBSD is sponsored by a nonprofit foundation and many of the programmers volunteer their time.

At one point the U.S. Defense Advanced Research Projects Agency (DARPA) gave OpenBSD a grant, then rescinded it when OpenBSD project leader Theo de Raadt made remarks critical of the Iraq war.

In December 2010, de Raadt received an email alleging the FBI had paid some OpenBSD ex-developers to insert backdoors into the software. He was skeptical but immediately made the email public and invited an independent review of the relevant program code. A few bugs were fixed but no evidence of a backdoor was found. So even though the allegations turned out to be false, they succeeded anyway, as an act of psychological warfare, by destroying trust in the OpenBSD project.

… ages in which the dominant weapon is expensive or difficult to make will tend to be ages of despotism, whereas when the dominant weapon is cheap and simple, the common people have a chance… A complex weapon makes the strong stronger, while a simple weapon — so long as there is no answer to it — gives claws to the weak.

At first it would seem that a social networking service like Twitter, recently used by many protesters in the Middle East, would fit Orwell’s definition of a “simple weapon” that “gives claws to the weak”. But in fact the situation is much more ambiguous. Twitter is a for-profit corporation which must maintain large data centers and a complex infrastructure. And it is subject to many financial, legal and political pressures.

Internet freedom initiatives must be independent of political connotations, run on a decentralized infrastructure, and use technology that is subject to public review by security experts. Most importantly, users must have complete trust in the skills and integrity of the people providing those tools and services.

One thought on “Why the Freedom Box Won’t Save You”

Hi, good food for thought. However, I think some of your arguments have been answered by Moglen himself in some of his lectures in the last few years (a Google video search will show that). Though, of course he can’t refute anything outright; only the future success of projects like Freedombox, Diaspora, and Identi.ca can do that.

A point I haven’t seen brought up is: why the obsession with the hardware? Does it matter whether this software runs on a plug computer, a spare PC, or a repurposed router (assuming it’s beefy enough, as some are)? Point is, this project should really be called FreedomSTACK, or some such. It’s not THAT hard to recompile something like this from an ARM platform to x86, etc., and vice versa. I suppose it may be easier to talk about, market or propagandize to ‘normal’ people this way, that’s all I can figure.